• Hi Guest: Welcome to TRIBE, the online home of TRIBE MAGAZINE. If you'd like to post here, or reply to existing posts on TRIBE, you first have to register. Join us!

‘It’s an embarrassment’: CSIS websites show signs of spam-style ‘pharma hack’


Staff member

‘It’s an embarrassment’: CSIS websites show signs of spam-style ‘pharma hack’

Ann Brocklehurst, Special to National Post

The agency at the heart of Canada’s security and intelligence network — and which investigates threats to cyber-security — appears to have had its own websites compromised by rogue online vendors of Viagra and other pharmaceuticals.

Searches conducted through major search engines Google, Bing and Yahoo! reveal that at least two CSIS sites are infected with so-called “pharma malware,” one of the most common spam-style attacks on the web. Searches for dozens of pages in French and English on CSIS’s employee-recruiting sites www.csiscareers.ca and www. carriereauscrs.ca reveal results with warnings “this site may be compromised”

Where they would normally display a short excerpt or description of the content on web pages, the search engines’ results for the infected CSIS pages read, among other things: “buy cheap viagra online without prescription”; “valtrex for cold sore prevention”; and “Tadalafil cialis brand lilly cheap 100mg generic with mastercard express shipping.” The messages appear to be hidden inside the page’s coding and are not visible when visitors open the actual CSIS pages.

Tahera Mufti, a media liaison at CSIS, said there was nothing to be concerned about. “For your information our website is fine, as you can see for yourself,” she said in an email to the National Post on Friday.

Still, one digital security consultant decried it as an “embarrassment” that the agency charged with securing intelligence secrets has evidently failed to secure its own websites against a rather simple method of infiltration. Although, he added, the CSIS human-resources websites in question are low-level and therefore likely to receive less attention from the agency’s IT-security staff. The infiltration does not appear to have affected CSIS’s main website, Welcome to the CSIS | Bienvenue au SCRS.

According to Google’s resources for webmasters, this kind of pharmacy hack uses what IT specialists call redirection malware. Spam-links for drugs such as Viagra, Cialis, Xanax and other staples of Internet schemes are “cloaked,” hidden from visitors viewing the websites (which is why those who click the search result find a CSIS page that appears normal), but the hacked content is visible to Google and other search engine robots. The content is unlikely to harm visitors’ computers, but it can also be used to bounce them over to the hackers’ websites or clutter up screens with pop-up ads. In a worst-case scenario, the method can be used to covertly infect visitors’ computers with malware, or malicious software that can secretly gather information from or otherwise compromise computers.

Robert Beggs, CEO of Digital Defence, a Burlington, Ont.-based company that provides information security services to corporate clients, believes the attack in question is almost certainly an automated one and unlikely to be specifically targeting CSIS. He said it appears to be an “SQL injection,” where a hacking program scours websites for forms meant for visitors to fill out. Instead of filling in requested information such as a name and address, the program then enters coded commands using the SQL database format. This allows hackers to interact with the database and replace content on affected web pages.

Mr. Beggs estimates some 70% of websites are poorly secured and vulnerable to such attacks, but he says it’s unusual for large companies and organizations with a dedicated IT staff not to be protected. “CSIS should not be vulnerable to SQL injection. It’s an embarrassment that the people responsible for the government’s secrets aren’t doing the most minor, easy-to-fix stuff for their own websites,” he said.

Mr. Beggs said the attack is also “indicative of a lack of a consistent security program.” He finds this troubling given that a number of easily available software security programs, both free and commercial, scan for and protect against this type of vulnerability.

While Mr. Beggs doubts that this particular attack has been used to steal information, he said CSIS needs to analyze what happened and why part of its processes seem to have failed.

“This is a symptom of the shoemaker’s children who don’t have proper shoes,” he said.

from the National Post
CSIS websites show signs of spam-style


TRIBE Member
Yes. Intelligence agencies are filled with people and they fuck up all the time - just like every other organization filled with frail human beings... which is like, all of them.

Haha, egg on their face for sure!


TRIBE Member
they really need to firm up their security. you can't just walk this situation off.

agreed. imagine you looked under your mechanics hood and saw a mess of duct tape and chewing gum holding his engine together...would you want him working on your car after that?


TRIBE Member
Long as the websites are throwaway and not attached to anything of import...I don't see much of a problem other than public perception...and I don't know that it matters at all.
tribe cannabis accessories silver grinders


TRIBE Member
agreed. imagine you looked under your mechanics hood and saw a mess of duct tape and chewing gum holding his engine together...would you want him working on your car after that?

I remember getting a bit nervous after sitting on the tarmac for 90 mins on a plane once when this plane technician walked down the isle carrying a roll of duct tape...

..ya it was probably being used appropriately but it wasn't inspiring confidence in the passengers let me tell you! ;)